4. Document procedures, train employees and test the plan. An untested plan is only a half-step above no plan at all. An April 2007 report from Forrester Research states why IT leaders must be strong advocates of regular continuity and disaster plan testing: “Aside from an actual disaster, it’s your only chance to ensure that everything works the way it should. The middle of a disaster is not the time to discover your plan isn’t up to scratch.”

Quiznos’s Derosier says his company tests its continuity plan and disaster recovery system quarterly. Specifically, Quiznos checks the viability of its off-site applications by running test scenarios on the applications for each functional business unit. The company will run a dummy royalty franchise payment through the backup applications system, for example, or add a fictitious diagnostic employee to the testing roster to evaluate how the backup financial and accounting systems work. The city of Sparks, Nev., has implemented regular testing as well.

Sparks’ Davidek says that documenting business continuity procedures in the plan along with employees’ tacit knowledge of those procedures should go hand in hand with testing it. There’s nothing worse than discovering that the only person who knows how to reinstall vital applications is on vacation. Something similar happened to Davidek a few years ago while he was on vacation. He had to quickly talk a systems administrator through the time-sensitive process of re-installing RAID drives (multiple disk drives that are combined into a single entity) over the phone because two had simultaneously failed and the systems administrator on site didn’t know how to fix it. Had that knowledge of installing RAID drives been documented and shared, the situation would have been solved more quickly and with less stress. Now Davidek ensures that his staff shares their knowledge. “We cross-train people in our department to spread out among people all of those little things you learn from experience,” he says. Other disaster experts advise building online documentation and knowledge center repositories that can be accessed quickly and remotely if necessary.

5. Update the plan. If you don’t update your plan to reflect changes in business operations and business processes, your business continuity plan will not work when you’re forced to use it because it will not reflect the way the business currently runs. For example, the plan should be revised with every new product or service offering, according to Quiznos’s Derosier. Without updates, new offerings may not be covered if the plan is applied, he says. Similarly, discontinued services should be removed from the plan so that it doesn’t attempt to protect something that is no longer there. Some companies, like Quiznos, hire a full-time business continuity specialist to update the plan once it’s created.